Current cellular communication networks offer a high degree of security to users. Security ensures both authentication of users to the network and vice versa, and protection against eavesdropping. Security may also provide integrity protection allowing a recipient of data (possibly within the network) to confirm the integrity of sent data. This may involve a sender adding an integrity checksum to a message and which is computed using a secret key. The receiver, knowing the secret key, can verify the integrity checksum and thereby ensure that the message has indeed been sent by the trusted sender and has not been tampered with while in transit.
The known security mechanisms have been developed to work efficiently with conventional cellular network use cases. These tend to be concerned with users possessing mobile devices such as mobile telephones, smart phones, and other wireless enabled devices, and who make use of voice and data services. Such services involve the transfer of significant amounts of data to and from the user devices. Volumes of signalling traffic associated with these scenarios are not great when compared to the transferred data volumes. As such, the signalling overheads associated with security mechanism such as client and network authentication are relatively small.
In the coming years it is expected that there will be a rapid growth in so-called machine-to-machine (M2M) applications that use cellular network infrastructure. Such applications involve devices such as sensors and actuators communicating with other devices or network servers, often without direct human operation. An example application might involve domestic electricity meters configured to periodically transmit electricity consumption readings to a server owned by the utility company supplying electricity. M2M application are expected to massively increase the number of wirelessly connected devices in use with cellular networks. Ericsson™ has predicted 50 billion such devices by the year 2020.
A feature that distinguishes M2M applications from conventional cellular network services is the relatively small amounts of data traffic associated with the former. An electricity meter reading application might, for example, require only the sending of a few bytes of data each month. Nonetheless, given the huge number of devices that are expected to be in use, the total volume of traffic that will be added to networks will be very great. The existing signalling mechanisms including those associated with security are not necessarily well suited to M2M applications, and only add to the load on the network.
Due to the relatively small volumes of data associated with individual M2M transactions, it may be desirable to send data from a device to the core network via a signalling connection within a Non Access Stratum (NAS). This approach can avoid the need to establish a separate bearer specifically for data traffic. Moreover, whilst a device is authenticated to the core network, there is no authentication between the mobile node and the base stations within the RAN, as would be the case were data to be sent using a data bearer (requiring as it would the pre-establishement of security associations between the mobile node and the base station). This might however open the possibility of “fake” base stations attracting devices, resulting, for example, in a denial-of-service to devices. It will be appreciated that integrity protecting messages sent from the client devices will not by itself be sufficient to prevent a denial-of-service attack.
This problem may be mitigated by requiring a recipient node within the core network, for example a Serving GPRS Support Node (SGSN) of a 3G network or a Mobility Management entity (MME) of an LTE network, to return acknowledgements for each packet received from a mobile node. It is important that the acknowledgements are verifiable, in the sense that they allow a mobile node to verify that an acknowledgement has been issued by the intended recipient node. As has already been noted however, given the relatively small volumes of data likely to be associated with M2M applications, it is desirable to minimise the signalling overheads to avoid overloading cellular networks.
3GPP TS 23.272 describes a mechanism for delivering Short Message Service (SMS) messages over NAS signalling. Each SMS message is acknowledged by the core network with an integrity protected acknowledgement. However, this again leads to a relatively high volume of signalling and is unsuitable for widely used M2M services.